Report - dryerlast.com/nrxsytgc?tkhz=62&refer=https://lacuevaplay.com/&kw=[]&key=d97869ff316a37b05e888dcd488e32c3&scrWidth=360&scrHeight=800&tz=-5&v=25.4.8000&ship=&psid=lacuevaplay.com,lacuevaplay.com&sub3=invoke_layer&res=14.229&dev=r&uuid=01480be8-49e3-47c0-a818-f12c2890bfc1:2:1&adb=n&adb=n&adb=n

Report Overview

Visited public
2025-05-01 17:53:18
Tags
URL
dryerlast.com/nrxsytgc?tkhz=62&refer=https://lacuevaplay.com/&kw=[]&key=d97869ff316a37b05e888dcd488e32c3&scrWidth=360&scrHeight=800&tz=-5&v=25.4.8000&ship=&psid=lacuevaplay.com,lacuevaplay.com&sub3=invoke_layer&res=14.229&dev=r&uuid=01480be8-49e3-47c0-a818-f12c2890bfc1:2:1&adb=n&adb=n&adb=n
Finishing URL
d09r9rqnaffc739o4mtg.roscguard.pro/x/?lp_key=1746136a01e3b6e6a1ea83c6f845c3d21d25b22267&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies&key=66e5a790cc9067f6c530&clickid=d09r9rqnaffc739o4mtg&trk=momotrk.com&fdd=d37e9974973a418dbc44449c3d8882ac&vpb=BNo5oW59e04hbd2mSEhXMWmv8kVp7S_X9BFfUhId6kAx70i1NWDsugMg5TgcZbHvPmJheSANlNElxJ1vt5THz0k&language=en-US&feed=800e&zone=4497adf3&dm=1#
IP / ASN
172.240.108.84
#7979 SERVERS-COM
Title
DDOS-GUARD

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dryerlast.com	unknown	2024-05-07	2025-01-01	2025-01-01	4.6 kB	60 kB	172.240.108.76
momotrk.com	unknown	2025-02-02	2025-03-11	2025-04-27	626 B	53 kB	157.90.104.39
d09r9rqnaffc739o4mtg.roscguard.pro	unknown	2025-04-19	2025-05-01	2025-05-01	1.7 kB	53 kB	104.21.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-01	medium	dryerlast.com	Sinkholed
2025-05-01	medium	momotrk.com	Sinkholed
2025-05-01	medium	dryerlast.com	Sinkholed
2025-05-01	medium	dryerlast.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	d09r9rqnaffc739o4mtg.roscguard.pro/x/?lp_key=1746136a01e3b6e6a1ea83c6f845c3d21d25b22267&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies&key=66e5a790cc9067f6c530&clickid=d09r9rqnaffc739o4mtg&trk=momotrk.com&fdd=d37e9974973a418dbc44449c3d8882ac&vpb=BNo5oW59e04hbd2mSEhXMWmv8kVp7S_X9BFfUhId6kAx70i1NWDsugMg5TgcZbHvPmJheSANlNElxJ1vt5THz0k&language=en-US&feed=800e&zone=4497adf3&dm=1	ScriptElement	14 kB	2025-04-16	2025-05-20
Pretty URL d09r9rqnaffc739o4mtg.roscguard.pro/x/?lp_key=1746136a01e3b6e6a1ea83c6f845c3d21d25b22267&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies&key=66e5a790cc9067f6c530&clickid=d09r9rqnaffc739o4mtg&trk=momotrk.com&fdd=d37e9974973a418dbc44449c3d8882ac&vpb=BNo5oW59e04hbd2mSEhXMWmv8kVp7S_X9BFfUhId6kAx70i1NWDsugMg5TgcZbHvPmJheSANlNElxJ1vt5THz0k&language=en-US&feed=800e&zone=4497adf3&dm=1 IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-16 19:19 Last Seen2025-05-20 07:42 Times Seen74 Hash 7f7468f96e2276b0e16a360a4eba5095 7a14168f491e4f9aa8a94e5e19f5797bdafafa25 af2c757cdeaa4178dfd695d3e29e799ab98209749846db246df95bbd555ea7ef Loading...

	d09r9rqnaffc739o4mtg.roscguard.pro/x/?lp_key=1746136a01e3b6e6a1ea83c6f845c3d21d25b22267&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies&key=66e5a790cc9067f6c530&clickid=d09r9rqnaffc739o4mtg&trk=momotrk.com&fdd=d37e9974973a418dbc44449c3d8882ac&vpb=BNo5oW59e04hbd2mSEhXMWmv8kVp7S_X9BFfUhId6kAx70i1NWDsugMg5TgcZbHvPmJheSANlNElxJ1vt5THz0k&language=en-US&feed=800e&zone=4497adf3&dm=1	ScriptElement	3.4 kB	2025-04-16	2025-05-20
Pretty URL d09r9rqnaffc739o4mtg.roscguard.pro/x/?lp_key=1746136a01e3b6e6a1ea83c6f845c3d21d25b22267&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies&key=66e5a790cc9067f6c530&clickid=d09r9rqnaffc739o4mtg&trk=momotrk.com&fdd=d37e9974973a418dbc44449c3d8882ac&vpb=BNo5oW59e04hbd2mSEhXMWmv8kVp7S_X9BFfUhId6kAx70i1NWDsugMg5TgcZbHvPmJheSANlNElxJ1vt5THz0k&language=en-US&feed=800e&zone=4497adf3&dm=1 IP 104.21.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-16 19:19 Last Seen2025-05-20 07:42 Times Seen74 Hash 2e4b7e9a683a5e58448dbbd3f4b18b7c 3b0127425e9cafe5f20d1493d120d4ae09ef8aa5 504721f7346e0b4e8dacc93b23283e1b7eda9969d5cd2819b6125d1a04e6cfea Loading...

HTTP Transactions (6)

URL IP Response Size

dryerlast.com/favicon.ico

172.240.108.76

200 OK

0 B

URL GET
dryerlast.com/favicon.ico
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://dryerlast.com/nrxsytgc?tkhz=62&refer=https://lacuevaplay.com/&kw=[]&key=d97869ff316a37b05e888dcd488e32c3&scrWidth=360&scrHeight=800&tz=-5&v=25.4.8000&ship=&psid=lacuevaplay.com,lacuevaplay.com&sub3=invoke_layer&res=14.229&dev=r&uuid=01480be8-49e3-47c0-a818-f12c2890bfc1:2:1&adb=n&adb=n&adb=n
Certificate
IssuerLet's Encrypt
Subjectdryerlast.com
Fingerprint00:8E:AA:B2:9C:33:E0:AD:99:44:0B:3F:FE:DA:62:29:56:1F:54:C5
ValidityWed, 05 Mar 2025 21:08:26 GMT - Tue, 03 Jun 2025 21:08:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dryerlast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dryerlast.com/api/users?token=L25yeHN5dGdjP2tleT0xMGFmYWVjMzU0MDRmZmQ1ZWRiYWQwMTMxYmIzOGVlNiZzdWJtZXRyaWM9MjAyODQwOTU
Cookie: uid_id2=01480be8-49e3-47c0-a818-f12c2890bfc1:2:1; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDI4NDA5NSwiayI6ImQ5Nzg2OWZmMzE2YTM3YjA1ZTg4OGRjZDQ4OGUzMmMzIiwic2lkIjoibGFjdWV2YXBsYXkuY29tLGxhY3VldmFwbGF5LmNvbSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6Mjg3MzgzMywicGlkIjozNDkyNDYsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MSwiYWlkIjoyOCwicHQiOjQsInBrIjoibnJ4c3l0Z2MiLCJjcGtzIjp7IjI5IjoiZDRlMjMzNmU2YjdkMzM4OGU4MGRjNDVmZDFhZWI2NDYifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9sYWN1ZXZhcGxheS5jb20vIiwiYXIiOltdfX0.qckXFHlabaioxW9RZwVVgoRGNR014RprQ7Q8atckGo4; cjs=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 01 May 2025 17:52:47 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 98d006a4d576621d8b5c9831a0b75744
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

momotrk.com/click?key=66e5a790cc9067f6c530&t=0.003110&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies

157.90.104.39

307 Temporary Redirect

52 kB

URL User Request GET
momotrk.com/click?key=66e5a790cc9067f6c530&t=0.003110&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies
IP
157.90.104.39:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectmomotrk.com
FingerprintE1:14:A8:61:97:98:EA:02:D3:F9:C9:C4:59:C4:2F:74:43:C0:30:9A
ValidityThu, 03 Apr 2025 17:42:02 GMT - Wed, 02 Jul 2025 17:42:01 GMT

File type

Size
52 kB (51944 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /click?key=66e5a790cc9067f6c530&t=0.003110&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies HTTP/1.1
Host: momotrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dryerlast.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Thu, 01 May 2025 17:52:47 GMT
location: https://d09r9rqnaffc739o4mtg.roscguard.pro/x/?lp_key=1746136a01e3b6e6a1ea83c6f845c3d21d25b22267&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies&key=66e5a790cc9067f6c530&clickid=d09r9rqnaffc739o4mtg&trk=momotrk.com&fdd=d37e9974973a418dbc44449c3d8882ac&vpb=BNo5oW59e04hbd2mSEhXMWmv8kVp7S_X9BFfUhId6kAx70i1NWDsugMg5TgcZbHvPmJheSANlNElxJ1vt5THz0k&language=en-US&feed=800e&zone=4497adf3&dm=1
server: Caddy
set-cookie: uclick=mrzYkFxaat41herxYWCYsIJWSh0Hh1fgmj5kEbAHaR0E+IL+szqB0qlmeiGKLnx0boTxTME=; Max-Age=31536000; SameSite=Lax
bcid=d09r9rqnaffc739o4mtg; Max-Age=31536000; SameSite=Lax
x-request-id: 3f270d1c-ffa1-4d55-ad3f-7175b822001b
content-length: 0
X-Firefox-Spdy: h2

d09r9rqnaffc739o4mtg.roscguard.pro/x/?lp_key=1746136a01e3b6e6a1ea83c6f845c3d21d25b22267&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies&key=66e5a790cc9067f6c530&clickid=d09r9rqnaffc739o4mtg&trk=momotrk.com&fdd=d37e9974973a418dbc44449c3d8882ac&vpb=BNo5oW59e04hbd2mSEhXMWmv8kVp7S_X9BFfUhId6kAx70i1NWDsugMg5TgcZbHvPmJheSANlNElxJ1vt5THz0k&language=en-US&feed=800e&zone=4497adf3&dm=1

104.21.96.1

200 OK

52 kB

URL User Request GET
d09r9rqnaffc739o4mtg.roscguard.pro/x/?lp_key=1746136a01e3b6e6a1ea83c6f845c3d21d25b22267&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies&key=66e5a790cc9067f6c530&clickid=d09r9rqnaffc739o4mtg&trk=momotrk.com&fdd=d37e9974973a418dbc44449c3d8882ac&vpb=BNo5oW59e04hbd2mSEhXMWmv8kVp7S_X9BFfUhId6kAx70i1NWDsugMg5TgcZbHvPmJheSANlNElxJ1vt5THz0k&language=en-US&feed=800e&zone=4497adf3&dm=1
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectroscguard.pro
FingerprintEA:73:41:B5:87:A3:94:08:E1:BA:33:EA:54:CC:B6:12:5A:6A:AD:BA
ValiditySat, 19 Apr 2025 09:32:28 GMT - Fri, 18 Jul 2025 09:32:27 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (15902), with CRLF line terminators
Size
52 kB (51944 bytes)
Hash
be336b5ba8f0248f57a9c5ffe822db57
e32c8c33828436ad93b22744bbcc1227ebf3df4f
794fc30ced4c52066b2905a7b245f8f51c21b146bdc934c888fd4915af7a1497

HTTP Headers

GET /x/?lp_key=1746136a01e3b6e6a1ea83c6f845c3d21d25b22267&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies&key=66e5a790cc9067f6c530&clickid=d09r9rqnaffc739o4mtg&trk=momotrk.com&fdd=d37e9974973a418dbc44449c3d8882ac&vpb=BNo5oW59e04hbd2mSEhXMWmv8kVp7S_X9BFfUhId6kAx70i1NWDsugMg5TgcZbHvPmJheSANlNElxJ1vt5THz0k&language=en-US&feed=800e&zone=4497adf3&dm=1 HTTP/1.1
Host: d09r9rqnaffc739o4mtg.roscguard.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dryerlast.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 01 May 2025 17:52:48 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: accept-encoding
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 9391227bee70f5ea-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

d09r9rqnaffc739o4mtg.roscguard.pro/favicon.ico

104.21.96.1

404 Not Found

153 B

URL GET
d09r9rqnaffc739o4mtg.roscguard.pro/favicon.ico
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://d09r9rqnaffc739o4mtg.roscguard.pro/x/?lp_key=1746136a01e3b6e6a1ea83c6f845c3d21d25b22267&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies&key=66e5a790cc9067f6c530&clickid=d09r9rqnaffc739o4mtg&trk=momotrk.com&fdd=d37e9974973a418dbc44449c3d8882ac&vpb=BNo5oW59e04hbd2mSEhXMWmv8kVp7S_X9BFfUhId6kAx70i1NWDsugMg5TgcZbHvPmJheSANlNElxJ1vt5THz0k&language=en-US&feed=800e&zone=4497adf3&dm=1
Certificate
IssuerLet's Encrypt
Subjectroscguard.pro
FingerprintEA:73:41:B5:87:A3:94:08:E1:BA:33:EA:54:CC:B6:12:5A:6A:AD:BA
ValiditySat, 19 Apr 2025 09:32:28 GMT - Fri, 18 Jul 2025 09:32:27 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
153 B (153 bytes)
Hash
706a98254456810d3e849c3957af9d01
e461d072a6ba8f0082d6f187eba7f053343529c6
8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: d09r9rqnaffc739o4mtg.roscguard.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d09r9rqnaffc739o4mtg.roscguard.pro/x/?lp_key=1746136a01e3b6e6a1ea83c6f845c3d21d25b22267&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies&key=66e5a790cc9067f6c530&clickid=d09r9rqnaffc739o4mtg&trk=momotrk.com&fdd=d37e9974973a418dbc44449c3d8882ac&vpb=BNo5oW59e04hbd2mSEhXMWmv8kVp7S_X9BFfUhId6kAx70i1NWDsugMg5TgcZbHvPmJheSANlNElxJ1vt5THz0k&language=en-US&feed=800e&zone=4497adf3&dm=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 01 May 2025 17:52:48 GMT
content-type: text/html
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zHroVPTCeJipBmiGCuSJWrhwbyKjUPJ21Tg7bZseGGGh5tEeeFvx%2BIBVmzeFKCih5txqjWERgK5ekEy2rVsqhJmk5P%2FtCHdKe6xiha9EorvHGxU5x91StWUrnXx21SkSIzpeFc22y%2BafHwwneZCVtAag700f"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
content-encoding: br
cf-ray: 9391227e98dbf5b5-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27595&min_rtt=21187&rtt_var=12010&sent=16&recv=11&lost=0&retrans=0&sent_bytes=3487&recv_bytes=1651&delivery_rate=1292&cwnd=12000&unsent_bytes=0&cid=ab573ff44bca1ec7&ts=373&x=16"

dryerlast.com/nrxsytgc?tkhz=62&refer=https://lacuevaplay.com/&kw=[]&key=d97869ff316a37b05e888dcd488e32c3&scrWidth=360&scrHeight=800&tz=-5&v=25.4.8000&ship=&psid=lacuevaplay.com,lacuevaplay.com&sub3=invoke_layer&res=14.229&dev=r&uuid=01480be8-49e3-47c0-a818-f12c2890bfc1:2:1&adb=n&adb=n&adb=n

192.243.61.225

200 OK

4.8 kB

URL User Request GET
dryerlast.com/nrxsytgc?tkhz=62&refer=https://lacuevaplay.com/&kw=[]&key=d97869ff316a37b05e888dcd488e32c3&scrWidth=360&scrHeight=800&tz=-5&v=25.4.8000&ship=&psid=lacuevaplay.com,lacuevaplay.com&sub3=invoke_layer&res=14.229&dev=r&uuid=01480be8-49e3-47c0-a818-f12c2890bfc1:2:1&adb=n&adb=n&adb=n
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectdryerlast.com
Fingerprint00:8E:AA:B2:9C:33:E0:AD:99:44:0B:3F:FE:DA:62:29:56:1F:54:C5
ValidityWed, 05 Mar 2025 21:08:26 GMT - Tue, 03 Jun 2025 21:08:25 GMT

File type
HTML document, ASCII text, with very long lines (4793)
Size
4.8 kB (4794 bytes)
Hash
ba086d7935519dc5ead7b79f7d56ea2b
9ca11269bb44fb08fc0cd9c9820e2d7da70ea31c
99f5b22d2c4bbc6d0c95f0bd51b07c032e6421a588e417977913e04ced2b7d44

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /nrxsytgc?tkhz=62&refer=https://lacuevaplay.com/&kw=[]&key=d97869ff316a37b05e888dcd488e32c3&scrWidth=360&scrHeight=800&tz=-5&v=25.4.8000&ship=&psid=lacuevaplay.com,lacuevaplay.com&sub3=invoke_layer&res=14.229&dev=r&uuid=01480be8-49e3-47c0-a818-f12c2890bfc1:2:1&adb=n&adb=n&adb=n HTTP/1.1
Host: dryerlast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 01 May 2025 17:52:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: uid_id2=01480be8-49e3-47c0-a818-f12c2890bfc1:2:1; expires=Thu, 08 May 2025 17:52:46 GMT; path=/
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDI4NDA5NSwiayI6ImQ5Nzg2OWZmMzE2YTM3YjA1ZTg4OGRjZDQ4OGUzMmMzIiwic2lkIjoibGFjdWV2YXBsYXkuY29tLGxhY3VldmFwbGF5LmNvbSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6Mjg3MzgzMywicGlkIjozNDkyNDYsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MSwiYWlkIjoyOCwicHQiOjQsInBrIjoibnJ4c3l0Z2MiLCJjcGtzIjp7IjI5IjoiZDRlMjMzNmU2YjdkMzM4OGU4MGRjNDVmZDFhZWI2NDYifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9sYWN1ZXZhcGxheS5jb20vIiwiYXIiOltdfX0.qckXFHlabaioxW9RZwVVgoRGNR014RprQ7Q8atckGo4; expires=Thu, 01 May 2025 17:53:46 GMT; path=/
Host: dryerlast.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: c108c2d80ec51b98f1455aea85903364
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

dryerlast.com/api/users?token=L25yeHN5dGdjP2FkYj1uJmRldj1yJmtleT1kOTc4NjlmZjMxNmEzN2IwNWU4ODhkY2Q0ODhlMzJjMyZrdz0lNUIlNUQmcHNpZD1sYWN1ZXZhcGxheS5jb20lMkNsYWN1ZXZhcGxheS5jb20mcHN0PTE3NDYxMjIwMjYmcmVmZXI9aHR0cHMlM0ElMkYlMkZsYWN1ZXZhcGxheS5jb20lMkYmcmVzPTE0LjIyOSZybXRjPXQmc2NySGVpZ2h0PTgwMCZzY3JXaWR0aD0zNjAmc2hpcD0mc2h1PTEyNTUxNWFmZDQ0NmU0ZGY0Y2YxZmRjNTFkYTg0ODJjZTE2ZDdjNDVhN2QxYzZhMjZiZmJmYWFkNjk2NjRmZDc4MThiMmYwMzM2NTk4ODA3MWIwZmJkNWVkYjZiZGY0MzllOTM2MzZhYzU4ZDQyZWZkN2M2YzBjNGU3NDdiMjNiY2M1NDAyYmVmMzBmZDVlZGY1M2VmZTQxMzU3OWZjNzFkNjFiMmZmZDc2ZTYxNzhhMTRmYTc0JnN1YjM9aW52b2tlX2xheWVyJnRraHo9NjImdHo9LTUmdj0yNS40LjgwMDAmcGlpPSZpbj0mdXVpZD0wMTQ4MGJlOC00OWUzLTQ3YzAtYTgxOC1mMTJjMjg5MGJmYzElM0EyJTNBMQ

192.243.61.225

302 Found

52 kB

URL User Request GET
dryerlast.com/api/users?token=L25yeHN5dGdjP2FkYj1uJmRldj1yJmtleT1kOTc4NjlmZjMxNmEzN2IwNWU4ODhkY2Q0ODhlMzJjMyZrdz0lNUIlNUQmcHNpZD1sYWN1ZXZhcGxheS5jb20lMkNsYWN1ZXZhcGxheS5jb20mcHN0PTE3NDYxMjIwMjYmcmVmZXI9aHR0cHMlM0ElMkYlMkZsYWN1ZXZhcGxheS5jb20lMkYmcmVzPTE0LjIyOSZybXRjPXQmc2NySGVpZ2h0PTgwMCZzY3JXaWR0aD0zNjAmc2hpcD0mc2h1PTEyNTUxNWFmZDQ0NmU0ZGY0Y2YxZmRjNTFkYTg0ODJjZTE2ZDdjNDVhN2QxYzZhMjZiZmJmYWFkNjk2NjRmZDc4MThiMmYwMzM2NTk4ODA3MWIwZmJkNWVkYjZiZGY0MzllOTM2MzZhYzU4ZDQyZWZkN2M2YzBjNGU3NDdiMjNiY2M1NDAyYmVmMzBmZDVlZGY1M2VmZTQxMzU3OWZjNzFkNjFiMmZmZDc2ZTYxNzhhMTRmYTc0JnN1YjM9aW52b2tlX2xheWVyJnRraHo9NjImdHo9LTUmdj0yNS40LjgwMDAmcGlpPSZpbj0mdXVpZD0wMTQ4MGJlOC00OWUzLTQ3YzAtYTgxOC1mMTJjMjg5MGJmYzElM0EyJTNBMQ
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectdryerlast.com
Fingerprint00:8E:AA:B2:9C:33:E0:AD:99:44:0B:3F:FE:DA:62:29:56:1F:54:C5
ValidityWed, 05 Mar 2025 21:08:26 GMT - Tue, 03 Jun 2025 21:08:25 GMT

File type

Size
52 kB (51944 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L25yeHN5dGdjP2FkYj1uJmRldj1yJmtleT1kOTc4NjlmZjMxNmEzN2IwNWU4ODhkY2Q0ODhlMzJjMyZrdz0lNUIlNUQmcHNpZD1sYWN1ZXZhcGxheS5jb20lMkNsYWN1ZXZhcGxheS5jb20mcHN0PTE3NDYxMjIwMjYmcmVmZXI9aHR0cHMlM0ElMkYlMkZsYWN1ZXZhcGxheS5jb20lMkYmcmVzPTE0LjIyOSZybXRjPXQmc2NySGVpZ2h0PTgwMCZzY3JXaWR0aD0zNjAmc2hpcD0mc2h1PTEyNTUxNWFmZDQ0NmU0ZGY0Y2YxZmRjNTFkYTg0ODJjZTE2ZDdjNDVhN2QxYzZhMjZiZmJmYWFkNjk2NjRmZDc4MThiMmYwMzM2NTk4ODA3MWIwZmJkNWVkYjZiZGY0MzllOTM2MzZhYzU4ZDQyZWZkN2M2YzBjNGU3NDdiMjNiY2M1NDAyYmVmMzBmZDVlZGY1M2VmZTQxMzU3OWZjNzFkNjFiMmZmZDc2ZTYxNzhhMTRmYTc0JnN1YjM9aW52b2tlX2xheWVyJnRraHo9NjImdHo9LTUmdj0yNS40LjgwMDAmcGlpPSZpbj0mdXVpZD0wMTQ4MGJlOC00OWUzLTQ3YzAtYTgxOC1mMTJjMjg5MGJmYzElM0EyJTNBMQ HTTP/1.1
Host: dryerlast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dryerlast.com/api/users?token=L25yeHN5dGdjP2tleT0xMGFmYWVjMzU0MDRmZmQ1ZWRiYWQwMTMxYmIzOGVlNiZzdWJtZXRyaWM9MjAyODQwOTU
Cookie: uid_id2=01480be8-49e3-47c0-a818-f12c2890bfc1:2:1; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDI4NDA5NSwiayI6ImQ5Nzg2OWZmMzE2YTM3YjA1ZTg4OGRjZDQ4OGUzMmMzIiwic2lkIjoibGFjdWV2YXBsYXkuY29tLGxhY3VldmFwbGF5LmNvbSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6Mjg3MzgzMywicGlkIjozNDkyNDYsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MSwiYWlkIjoyOCwicHQiOjQsInBrIjoibnJ4c3l0Z2MiLCJjcGtzIjp7IjI5IjoiZDRlMjMzNmU2YjdkMzM4OGU4MGRjNDVmZDFhZWI2NDYifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9sYWN1ZXZhcGxheS5jb20vIiwiYXIiOltdfX0.qckXFHlabaioxW9RZwVVgoRGNR014RprQ7Q8atckGo4; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Thu, 01 May 2025 17:52:47 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://momotrk.com/click?key=66e5a790cc9067f6c530&t=0.003110&t1=3.110000&t2=20284095&t3=349246&t4=2873833&t5=3280004&t6=s&t12=Movies
Set-Cookie: uid_id2=01480be8-49e3-47c0-a818-f12c2890bfc1:2:1; expires=Thu, 08 May 2025 17:52:47 GMT; path=/
iprcb822056aaca82c78f9a3d1b1091bda36=5807120; expires=Fri, 02 May 2025 17:52:47 GMT; path=/
pdhtkv=true; expires=Fri, 02 May 2025 17:52:47 GMT; path=/
uncs=1; expires=Fri, 02 May 2025 17:52:47 GMT; path=/
pdhtkv28=true; expires=Fri, 02 May 2025 17:52:47 GMT; path=/
uncs28=1; expires=Fri, 02 May 2025 17:52:47 GMT; path=/
u_pl20284095=1; expires=Fri, 02 May 2025 17:52:47 GMT; path=/
Host: dryerlast.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: f9c132dd2569f52933efc2071acdf92a
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections